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Description 

The present invention relates to a portable data storing/processing device sucii as an IC card iiaving a 
controi circuit, e.g. CPU, and a memory. 

6 A banking organ sucli as a banl< has used a so called cash card with an account number by which 
money can be deposited or withdrawn without a bankbook. In order to prevent another person from illicitly 
using the card, a password is stored in the cash card for checking whether or not the user is the real owner 
of the card. A magnetic stripe memory is used for the memory of the cash card. In this type of the memory, 
the data stored is easily read. In this respect, the memory has an insufficient protecting function against the 

10 read out of data by another person. This gives rise to illicit use of the cash card. 

To cope with this problem, a portable data storing/'processing device, such as an IC card, has been 
developed. In this device, a semiconductor memory of which the data can not be seen from the exterior is 
included. In this type of IC card, it is necessary to devide the memory area into an accessible zone and an 
inaccessible zone, for a certain people and a certain machine in accordance with the data to be stored. The 

15 size and location of the zone in the memory area are property set in accordance with the issuer of the IC 
card or the system using the iC card. For this reason, the card maker must individually manufacture the 
cards prepared for the card Issuers and the systems. In the conventional IC card, the passv/ord is usually 
checked. However, in some cases, the password check is not required. Furthermore, the data is output from 
the IC card being encrypted in accordance 'with the importance of the data. To meet such a requirement, 

20 the card maker must manufacture additional IC cards not requiring the password check or requiring the data 
encryption. 

Thus, the conventional IC card lacks versatility in use, and has a high manufacturing cost. 

The above description, which relates to a card like portable data storing/processing device, is also 
applicable to a coin like device, and any other portable means (e.g. a ball point pen or a wristwatch) having 
25 such a device assembled therein. 

Prior art document IBM TECHNICAL DISCLOSURE BULLETIN, vol. 22. no. 5, October 1979, pages 
2009-2010, New York. US; A.J. Sutton et al.: "Processors sharing and partitioning of main storage in the MP 
system", describes a plural processor shared storage system. In this system, a main storage is partitioned, 
and a processor identification field permits or denies each processor of the system to access a particular 
30 range of storage addresses according to the identification of the processor. 

It is an object of the present invention to provide a portable data storing/processing device which is 
versatile in use and low in cost to manufacture. 

To solve this object the present invention provides a portable data storing/processing device as stated 
in claim 1 or 2. 

35 This invention can be more fully understood from the following detailed description when taken in 
conjunction with the accompanying drawings, in which; 

Fig. 1 is a plan view of an IC card which is an embodiment of a portable data storing/processing device; 
Fig. 2 is a block diagram of a circuit of an IC chip contained in the IC card; 

Fig. 3 is a perspective view of a card issuing apparatus for writing predetermined data into the IC card 
40 and issuing a card with the written data; 

Fig. 4 shows a block diagram of a control circuit of the card issuing apparatus shown in Fig. 3; and 

Fig. 5 is a longitudinal sectional view of a card transport path of the card issuing apparatus of Fig. 3 

ranging from a slit for card insertion to a IC card reader/writer. 

A preferred embodiment of a portable data storing/processing device according to the present invention 
45 will be described referring to the accompanying drawings. In the present embodiment, the portable data 
storing/processing device is shaped like a card. Fig. 1 shows a plan view of a so called IC card. An IC chip 
to be described later is contained in a card 10 made of plastic, for example. A connector 12 is provided on 
the surface of the card 10. When the card 10 is inserted into a card issuing apparatus or a user terminal 
device (in banks, an automatic cash depositing/withdrawing machine), the connector 12 connects the IC 
50 chip with such a device. 

Rg. 2 is a block diagram of an electric circuit in the IC chip contained in the card 10. The IC chip 
includes a CPU 20, a zone access controller 22. a memory 24, an encrypt circuit 26 and an interface 28. 
The interface 28 is connected to the connector 12 on the card surface. The memory 24 is an EEPROM for 
storing a control program for the CPU 20. and data. Its memory area is segmented into a plurality of zones. 
55 The zone access controller 22 is also an EEPROM, and stores a password and an access condition for 
each zone of the memory 24 in the form of a zone access table as given In the following table. The unit of 
zone size is byte. 



2 



EP 0 152 024 B1 



Table 1 
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An access person flag A (A1. A2. A3. A4 A8). a terminal flag B (B1 B8). and an output condition 

flag C (01 08) each consists of 8-bit data. Each bit of the access person flag A indicates a card 

20 accessible condition for each access person. If the bit is "T, the card is accessible by that access person. 
If it is "0", the card is inaccessible by that access person. In this embodiment, the bits A1 . A2 and A3 of the 
access person flag respectively correspond to a card maker, a card issuer, and a card owner. The bits of 
the terminal flag B indicate an access condition for each terminal device, respectively. If the bit is "1". the 
canj is accessible by that terminal. If it is "0", the card is inaccessible by that terminal. The bits B1. B2 and 

25 B3 of the terminal flag B con'espond to a card issuing apparatus, an updating apparatus {reissuance of an 
expired card is called an "update"), and an user terminal, respectively. In the output condition flag, only the 
bits CI and 02 are valid. If the bit 01 is "1 it indicates an indirect encryption of data. If the bit C2 is "1 it 
indicates a direct encryption. If both the bits are "0". the data is output without being encrypted. Direct 
encryption of data means that the data is encrypted by an encrypt key generator in the 10 card. Indirect 

30 encryption means that the data is encrypted by an encrypt key generator in the terminal device, not in the 
10 card. 

The access person flag A, the terminal flag B and the output condition flag C are tabulated below. In the 
table, sign "-" indicates invalid data. 

35 

Table 2 
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y From Table 2. the zone access table shown in Table 1 can be interpreted in the following way. In Table 
55 1, the zone No. 1 is accessible only when the maker or the issuer operates the card issuing apparatus. The 
data in the zone is indirectly encrypted and output. The zone No. 2 is accessible only when the issuer or 
the owner operates the card issuing apparatus, the updating apparatus, or the user terminal device. The 
data in this zone is directly encrypted and output. The zone No. 3 is accessible only when the owner uses 
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the user terminal device. Tiie data in this zone is directly encrypted and output. The zone No. 4 is 
accessible only when the owner operates the user terminal device. The data in this zone is output without 
being encrypted. In this case, the access person is identified by a password. 

The zone access table is programnned into the zone access controller 22 by the card issuer, for 

5 example, a bank, and not in the nnanufacturing stage of the IC card. A card issuing apparatus used for 
programming the zone access table will bo described, f^g. 3 shows the appearance of a card issuing 
apparatus, which is like a general personal computer. The card issuing apparatus is comprised of a 
keyboard 30. a CRT monitor 32. a floppy disk unit 34, a printer 36. and the like. A slit 40 for the IC card to 
be Inserted through is located under a disc inlet 38 of a floppy disk unit 34. Rg. 4 shows a block diagram of 

70 an internal circuit of the card issuing apparatus. The issuing operation of the card is performed under the 
control of a control circuit 48 including a CPU 42. a ROM 44 and a RAM 46. The keyboard 30. the CRT 
monitor 32, the floppy disk unit 34, and the printer 36 are connected to the CPU 42. The card 10. inserted 
through the slit 40, is electrically connected to an IC card reader/v/riter 50. With this connection, data is 
transferred between the circuit of the card 10 and that of the card issuing apparatus. 

76 Rg. 5 shows a longitudinal cross sectional view of a card transport path ranging from the slit 40 to the 
IC card reader/writer 50. The transport path is a slit defined betv/een a pair of upper and lower guides 52 
and 54. Transport roller pairs 55, ... are equidistantly disposed along the guides 52 and 54. The distance 
betv/een the adjacent transport roller pairs 55 and 55 is equal to the length of the IC card as viewed in the 
card transport direction. With such an interval between the roller pairs, the card can be smoothly moved 

20 through the card transport path between the guides 52 and 54. 

The card issuing operation of the card issuing apparatus thus an-anged will be given below. An operator 
(as a card issuer) inserts a new IC card, on which the zone access controller 22 has not yet written a zone 
access table, into the slit 38. Then, the \C card is put into the card issuing apparatus and transported 
therein until the connector 12 is connected to a terminal (not shown) of the IC card reader-'writer 50. When 

25 the connection is detected, the control circuit 48 directs the CRT monitor 32 to form a zone access table. 
More specifically, a zone No., a head address and a zone size in each zone are displayed on the CRT 
monitor 32 to request the operator to input an access person flag, a terminal flag, and an output condition 
flag. Jn response to the request, the operator inputs these flags. The flags as input are written, in the form of 
the above zone access table, into the zone access controller 22 of the IC card 10. through the CPU 42 and 

30 the IC card reader/writer 50 in the card issuing apparatus, and the CPU 20 In the card 10. Upon completion 
of the programming of the zone access table, an operator writes a passv/ord of an Issuer and an owner into 
a predetermined memory area of the zone access controller 22. At this point, the card issuing operation is 
completed* 

Generally, the IC card thus issued is owned by an owner, and is used at user terminals of banks (e.g. 

35 automatic cash depositing/withdrawing machine), for example, for depositing or withdrawing money. The 
user terminal also has, substantially, the same construction as that of the card issuing apparatus. The CPU 
of the user terminal is connected to a host computer through a data communication cable. At the user 
terminal, after insertion of the IC card, a password is input by an card ov/ner. It is sequentially checked 
whether or not each zone is accessible by the user temninal and the owner. Then, only the accessible zones 

40 are open to use by the owner. 

As described above, the memory area of the IC card is segmented into a plurality of zones in the stage 
of its manufacture. In each zone, the access condition can be set at the time of card issuance. Therefore, 
the IC card has greater versatility in use. The access condition may include an assortment of access people 
and a type of user terminal device as well, or a combination of them. Therefore, protection of the data can 

45 be ensured. In addition to the access condition, the 7/ay of encryption or the presence or not of the 
encryption can also be set. In this respect, the portable data storing/processing device of this embodiment 
has a good versatility in use. 

A second embodiment of a portable data storing/processing device according to the present invention 
will be given. In the first embodiment, a password of the user must be given when the card is used- In the 

50 second embodiment, the IC card is usable with a terminal device requiring no password verification, that is, 
in cases where the access condition for each user is not necessary. This can be realized by modifying the 
zone access table as shown in Table 3. 



55 
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Table 3 
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The bits D1. D2 and D3 of a password verification flag D respectively correspond to a card maker, a 
card issuer and a card owner, as in the case of the bits of the access person flag A. If the bits of the 

20 password verification flag D are "1", the password verification for that person is required. If these are "0", 
no password verification for that person is required. The items other than the password venftcation flag are 
the same as those in Table 1. In Table 3. * indicates that either "0" or "1 " is allowed for the bits. As seen 
from Table 3, the zones Nos. 1 to 3 require the inputting of a password since password verification must be 
performed. The zone No. 4 requires no password verification for any person. 

23 In issuing the IC card in this embodiment, the zone No., the head address, and the zone size for each 
zone are displayed by the CRT monitor 32 as in the first embodiment to call upon an operator as a card 
issuer to input an access person flag, a terminal flag, an output condition flag, and a password venfication 
flag. The access person Flag, the terminal flag, the output condition flag, and the password verification flag 
as input from the keyboard 30 are programmed into the zone access controller 22 in the form of the above- 

30 mentioned zone access table, through the CPU 42. the IC card reader writer 50. and the CPU 20 in the card 
10. 

The IC card requiring no password verification may be used as time cards for employees, tickets for 
playland, telephone cards, etc. if it is used as the ticket or telephone cards, the data representing a 
predetermined amount of money is stored in the memory. Every time it is accessed, the data of a 

35 necessary amount of money is subtracted from the previously stored data. 

In the above-mentioned embodiments, individual EEPROMs are used for the memory and the zone 
access controller, respectively. A single EEPROM may be used for them. In this case, different addresses 
are assigned to them, respectively. Other memory components such as PROM, ROIVl, RAM. etc. may be 
used in place of the EEPROM. While the portable data storing/processing device is shaped like a card in 

40 the above-mentioned embodiments, the present invention may be embodied in a coin like configuration. 
Further, it is applicable for a ball point pen. a wrist watch, etc. Thus, any configuration is allowed for 
embodying the present invention, if it allows the portability of the device thus configured. 

As described above a memory area is segmented into a plurality of zones. In each zone, any access 
condition can be set. Therefore, the portable data storing/ processing device according to the present 

45 invention is versatile in use, and can reliably ensure data protection. This versatility allows a mass 
production of the portable data storing/processing devices, thus resulting in a cost reduction of the devices. 

Claims 

50 1. A portable data storing/processing device which is connectable through a terminal device to a main 
data processing device, comprising: 
a portable main body (10); 

memory means (24) of which memory area is segmented into a plurality of zones for storing data 
supplied to said main body (10); and 

65 

access control means (22) for storing an access condition for each zone of said memory means (24) to 
control the access to each zone, wherein said access control means further stores an output condition 
to decide whether or not the data is encrypted before the data in said memory means is output. 
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2. A portable data storing/processing device which is connectable through a terminal device to a main 
data processing device, comprising: 
a portable main body (10); 

memory means (24) of which memory area is segmented into a plurality of zones for storing data 
5 supplied to said main body (10); and 

access control means (22) for storing an access condition for each zone of said memory means (24) to 
control the access to each zone, wherein said access control means further stores an access condition 
to represent whether or not a password must be verified before access of said memory means. 

10 3. A device according to claim 1 or 2, characterized in that said access condition Is an assortment of 
access people. 

4. A device according to claim 3, characterized in that said access control means identifies a person by 
his password. 

75 

5. A device according to claim 1 or 2, characterized in that said access condition is a typo of terminal 
device. 

6. A device according to claim 1 or 2. characterized in that said access condition is a combination of an 
20 assortment of access people and a type of terminal device. 

7. A device according to claim 1 or 2, characterized in that said portable data storing/processing device is 
an integrated circuit card. 

25 8. A device according to claim 1 or 2, characterized in that said terminal device comprises: 

access condition writing means (48) for segmenting said access control means (22) into zone areas, 
each con-esponding to said zones of said memory means (24), and for writing access conditions for 
said plurality of zones of said memory means (24) respectively into said zone areas of said access 
control means (22). so that the area of said memory means (24) is segmented into zones of desired 

30 sizes. 

9. A device according to claim 8. characterized in that each of said zone areas of said access control 
means (22) segmented by said access condition writing means (48) stores a head address and the size 
of said zone of said memory means (24). 

35 

. 10. A device according to claim 1 or 2, in v/hich said memory means (24) comprises a first nonvolatile 
memory and said access control means (22) comprises a second nonvolatile memory. 

Revendlcations 

40 

1. Dispositif portatif pour la memorisation/ le traitement de donndes qui est connectable par rintermediaire 
d'un terminal k un dispositif central de traitement de donnees. comprenant: 

un corps principal portatif (10); 

un moyen a mdmoire (24) dont un secteur de m^moire est segmente en un ensemble de zones pour 
45 memoriser des donnees fournies audit corps principal (10); et 

un moyen de commando d'acces (22) pour memoriser une condition d'acces pour chaque zone dudit 
moyen a memoire (24) afin de commander I'accfes a chaque zone, dans lequel ledit moyen de 
commande d'accfes memorise en outre une condition de sortie pour decider si les donnees sent ou non 
chiffrees avant que les donnees contenues dans ledit moyen k memoire soient sorties. 

50 

2. Dispositif portatif pour la memorisation/ le traitement de donnees qui est connectable par I'intermediaire 
d'un terminal ^ un dispositif central de traitement de donnees, comprenant: 

un corps principal portatif (10); 

un moyen a memoire (24) dont un secteur de memoire est segmente en un ensemble de zones pour 
55 memoriser des donnees fournies audit corps principal (10); et 

un moyen de commande d'acces (22) pour memoriser une condition d'acces pour chaque zone dudit 
moyen a memoire (24) afin de commander Taccfes k chaque zone, dans lequel ledit moyen de 
commande d'acces memorise en outre une condition d'acces pour representor si un mot de passe doit 
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ou non etre verifi^ avant un accfes audit moyen k m^moire. 

3. Dispositif selon Tune queiconque des revendications 1 et 2, caracterise en ce que ladite condition 
d'acces est un classement d'acces par des gens. 

5 

4. Dispositif seion la revendication 3, caractdrisd en ce que iedit moyen de connmande d'acces rdentifie 
une personn© par son mot de passe. 

5. Dispositif selon I'une queiconque des revendications 1 et 2. caracterise en ce que ladite condition 
10 d'acces est un type de terminal. 

6. Dispositif selon I'une queiconque des revendications 1 et 2. caracterise en ce que ladite condition 
d'acces est une combinaison d'un classement d'acces des gens et d'un type de terminal. 

75 7. Dispositif seion I'une queiconque des revendications 1 et 2. caracterise en ce que Iedit dispositif 
portatif de memorisation/ traitement de donnees est une carte de circuit integre. 

8. Dispositif selon I'une queiconque des revendications 1 et 2, caracterise en ce que iedit terminal 
comprend: 

20 un moyen d'ecriture de condition d'acces (48) pour segmenter iedit moyen de commande d'acces (22) 
en secteurs de zones, chacun correspondant auxdites zones dudit moyen a memoire (24). et pour 
ecrire des conditions d'accfes pour Iedit ensemble de zones dudit moyen a memoire (24) respective- 
ment dans lesdits secteurs de zones dudit moyen de commande d'acces (22), de telle sorte que le 
secteur dudit moyen a memoire (24) est segmente en zones de capacites voulues. 

25 

9. Dispositif selon la revendication 8, caracterise en ce que chacun desdits secteurs de zones dudit 
moyen da commande d'accfes (22) segment^ par Iedit moyen d'ecriture de condition d'acces (48) 
memorise une adresse de tete et la capacite de ladite zone dudit moyen a memoire (24). 

30 10. Dispositif selon I'une queiconque des revendications 1 et 2, dans lequei Iedit moyen S memoire (24) 
comprend une premifere memoire remanente et Iedit moyen de commande d'acces (22) comprend une 
deuxieme memoire remanente. 

Anspriiche 

35 

1. Tragbare Vorrichtung zum Speichern und Verarbeiten von Daten. die uber eine Anschlu/Jvorrichtung mit 
einer Hauptdatenverarbeitungsvorrichtung verbindbar ist, mit: 

einem tragbaren Hauptkorper (10); 

einer Speichereinrichtung (24). deren Speicherberelch in eine Vielzahl von Zonen zum Speichern von 
40 zum Hauptkorper (1 0) zu speisenden Daten segmentiert ist: und 

einer Zugriffsteuereinrichtung (22) zum Speichern einer Zugriffbedingung fur jede Zone der Speicher- 
einrichtung (24), urn den Zugriff zu jeder Zone zu steuern. wobei die Zugriffsteuereinnchtung weiterhin 
einen Ausgangszustand speichert. urn zu entscheiden. ob die Daten verschiOsselt werden Oder nicht. 
bevor die Daten in die Speichereinrichtung ausgegeben werden. 

45 

2. Tragbare Vorrichtung zum Speichern und Verarbeiten von Daten. die iiber eine Anschluflvorrichtung mit 
einer Hauptdatenverarbeitungsvorrichtung verbindbar ist, mit: 

einem tragbaren Hauptkorper (10): 

einer Speichereinrichtung (24), deren Speicherberelch in eine Vielzahl von Zonen zum Speichern von 
50 zu dem Hauptkorper (10) zu speisenden Daten segmentiert ist: und 

einer Zugriffsteuereinrichtung (22) zum Speichern einer Zugriffbedingung fur jede Zone der Speicher- 
einrichtung (24), urn den Zugriff zu jeder Zone zu steuern. wobei die Zugriffsteuereinrichtung weiterhin 
eine Zugriffbedingung speichert, um wiederzugeben, ob ein Kennwort vor einem Zugriff der Speicher- 
einrichtugn verifiziert werden mufi oder nicht. 

55 

3. Vorrichtung nach Anspruch 1 Oder 2, dadurch gekennzeichnet. dafl die Zugriffbedingung eine Auswahl 
von Zugriffvolk ist. 
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4. Vorrichtung nach Anspruch 3. dadurch gekennzeichnet, daj5 die Zugriffsteuereinrichtung eine Person 
durch ihr Kennwort identifiziert. 

5. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet, daC die Zugriffbedingung die Art einer 
AnschluBvonichtung ist. 

6. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet, dafi die Zugriffbedingung eine Kombina- 
tion einer Auswahl von Zugriffvoik und einer Art der AnschlulJvonrichtung ist. 

7. Von-ichtung nach Anspruch 1 oder 2. dadurch gekennzeichnet. dai3 die tragbare Vorrichtung zum 
Speichern und Verarbeiten von Daten eine integrierte Schaltungskarte ist. 

8. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet. 6aB die Anschlu/Jvorrichtung umfaBt: 
eine Zugriffbedingungschreibeinrichtung (48) zum Segmentieren der Zugriffsteuereinrichtung (22) in 
Zonenbereiche. deren jede den Zonen der Speichereinrichtung (24) entspricht, und zum Schreiben von 
Zugriffbedingungen fur die Vielzahl von Zonen der Speichereinrichtung (24) jeweils in die Zonenberei- 
che der Zugriffsteuereinrichtung (22), so da/3 der Bereich der Speichereinrichtung (24) in Zonen von 
gewUnschten Grofien segmentiert ist. 

9. Vorrichtung nach Anspruch 8, dadurch gekennzeichnet dafl jeder der Zonenbereiche der Zugriffsteuer- 
einrichtung (22). der durch die Zugriffbedingungschreibeinrichtung (48) segmentiert ist. eine Kopfadres- 
se und die Grofle der Zone der Speichereinrichtung (24) speichert 

10. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet. dag. die Speichereinrichtung (24) einen 
ersten nicht-flOchtigen Speicher auf^veist und die Zugriffsteuereinrichtung (22) einen zv/eiten nichtfluch- 
figen Speicher umfaBt. 
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